Re: [PATCH v6 4/4] doc: add readme file for acvp_tool

[Jeremy Spewock <jspewock@iol.unh.edu>]

[-- Attachment #1: Type: text/plain, Size: 3352 bytes --]

On Tue, Mar 28, 2023 at 4:27 AM Ali Alnubani <alialnu@nvidia.com> wrote:

> > -----Original Message-----
> > From: jspewock@iol.unh.edu <jspewock@iol.unh.edu>
> > Sent: Monday, March 27, 2023 7:52 PM
> > To: ci@dpdk.org
> > Cc: Jeremy Spewock <jspewock@iol.unh.edu>
> > Subject: [PATCH v6 4/4] doc: add readme file for acvp_tool
> >
> > From: Jeremy Spewock <jspewock@iol.unh.edu>
> >
> > updated out-of-date acvp_tool readme
>
> This only describes the diff with Brandon's patch. The original commit
> message should have been kept instead and expanded if needed.
>
> >
> > Signed-off-by: Jeremy Spewock <jspewock@iol.unh.edu>
> > ---
> [..]
> > +* FIPS Object Module
> > +```
> > +curl -o openssl-fips-2.0.16.tar.gz
> https://www.openssl.org/source/openssl-
> > fips-2.0.16.tar.gz
> > +tar xvfm openssl-fips-2.0.16.tar.gz
> > +cd openssl-fips-2.0.16
> > +./config
> > +make
> > +make install
> > +```
>
> Is this module required even with recent versions of openssl?
>

In recent testing of the dependencies, when this module wasn't present
there is inconsistent behavior that leads to errors.


>
> > +* OpenSSL library
> > +```
> > +curl -o openssl-1.0.2o.tar.gz https://www.openssl.org/source/openssl-
> > 1.0.2o.tar.gz
> > +export CFLAGS='-fPIC'
> > +tar xvfm openssl-1.0.2o.tar.gz
> > +cd openssl-1.0.2o
> > +./config shared fips
> > +make depend
> > +make
> > +```
>
> OpenSSL 1.0.2 is deprecated and probably vulnerable (
> https://www.openssl.org/news/vulnerabilities-1.0.2.html).
> You're also only building locally here, and you aren't pointing DPDK build
> to it, so I doubt it's making a difference.
>

After doing some testing, it seems that this library is not needed in order
to run the application and get passing vectors.


>
> Can you please double check these dependencies?
>
>
These dependencies were actually taken from the test plan documentation
written for running the FIPS sample application. This was the only
documentation I could find that mentions the required libraries in order to
run the sample application so I followed it as closely as I could. The only
thing I had to change was the version of the IPsec library because it
wouldn't build with this older outdated version. This documentation should
likely be updated:

https://git.dpdk.org/tools/dts/tree/test_plans/fips_cryptodev_test_plan.rst


> [..]
> > +### Using the DPDK FIPS Validation Example Application
> > +First, you have to make sure that you configure DPDK to build the FIPS
> > sample application before you compile with ninja
> > +```
> > +#inside dpdk/
> > +meson build --werror
> > +meson configure -Dexamples=fips_validation build
>
> You can combine them into a single command:
> meson --werror  -Dexamples=fips_validation build
>
> > +sudo ninja -C build
>
> You're only making local changes here. If sudo wasn't required for the
> meson commands, it won't be required for this one.
>
> Additionally, I see the following warnings when applying the patch:
>
> Applying: doc: add readme file for acvp_tool
> .git/rebase-apply/patch:63: trailing whitespace.
> * In order to test AES-CTR you'll also have to remove the key `"ivGenMode"`
> .git/rebase-apply/patch:133: trailing whitespace.
>

Fixed in v7.


>
> - Ali
>

Thanks,
Jeremy

[-- Attachment #2: Type: text/html, Size: 5404 bytes --]